Assets Discovery: Using correct key for SFTP_RSA Export type
Platform Notice: Cloud and Data Center - This article applies equally to both cloud and data center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When you're configuring the Discovery tool or Collector with the export type SFTP_RSA, it's possible that you'll have to generate a key using the ssh-keygen command. If the algorithm isn't accepted by the target system, you could encounter an error similar to this one:
Jul 07 11:42:34 <hostname> sshd[5626]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Environment
Discovery 3.1.2 and later
Cause
For exporting the Discovery Scan results using SFTP_RSA, you need to create the key using the ssh-keygen command. To do this, use the following:
ssh-keygen -t rsa -m PEM
Sometimes, you may encounter the following error if the algorithm isn't compatible with the target system. For example, in the given scenario, an error will be displayed if the SSH-RSA algorithm isn't supported.
Jul 07 11:42:34 <hostname> sshd[5626]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Solution
Discovery uses the latest version of the SSH.NET library. Check the list of supported host key algorithms:
ssh-ed25519
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa
ssh-dss
So, if the ssh-rsa algorithm isn't supported, you should use any of the other supported algorithms to generate a new key. For example, you can use the following command:
ssh-keygen -t ssh-ed25519 -m PEM
Other notes
Amazon Linux 2023 (AL2023) includes a default configuration that disables the legacy ssh-rsa host key algorithm and generates a reduced set of host keys.
So, to connect to this server, you should use other keys, such as ssh-ed25519 or the ecdsa-sha2-nistp256 host key algorithm.
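The following shell functions are an added example, not part of the original article or of the Discovery tool. They extract the rejected key type from sshd log lines like the one above and pick the first key type from the article's list that the target server accepts. The function names, the preference order, and the sample `sshd -T` excerpt are assumptions; the example also assumes an OpenSSH server whose `sshd -T` output contains a `pubkeyacceptedalgorithms` line.

```shell
#!/bin/sh
# Key types from the article's list, in the preference order assumed for this example.
SUPPORTED="ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa ssh-dss"

# Print each key type that sshd rejected, once, from log lines on stdin.
rejected_key_types() {
    sed -n 's/.*userauth_pubkey: key type \([^ ]*\) not in PubkeyAcceptedAlgorithms.*/\1/p' | sort -u
}

# Print the first listed key type found in the server's pubkeyacceptedalgorithms
# line ("sshd -T" output on stdin). Returns 1 when none of them is accepted.
pick_key_type() {
    # Wrap the comma-separated value in commas so each name can be matched whole.
    accepted=$(awk '$1 == "pubkeyacceptedalgorithms" { print "," $2 "," }')
    for alg in $SUPPORTED; do
        case "$accepted" in
            *",$alg,"*) printf '%s\n' "$alg"; return 0 ;;
        esac
    done
    return 1
}

# Constructed sample input: the article's log line plus an unrelated line.
SAMPLE_LOG='Jul 07 11:42:34 <hostname> sshd[5626]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Jul 07 11:42:35 <hostname> sshd[5626]: Connection closed by authenticating user export 192.0.2.10 port 50522 [preauth]'

# Constructed excerpt of "sshd -T" output from a server that no longer accepts ssh-rsa.
SAMPLE_SSHD_T='port 22
pubkeyacceptedalgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,rsa-sha2-256'

printf 'rejected key type: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | rejected_key_types)"
printf 'usable key type:   %s\n' "$(printf '%s\n' "$SAMPLE_SSHD_T" | pick_key_type)"
```

On a real target, feed `rejected_key_types` from the sshd log and `pick_key_type` from `sshd -T` run as root on that server.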